Android is under attack. Google issued a warning on Dec.1 along with what is essentially an emergency update. This was rushed out to all Pixel users. But for most Samsung users, these fixes are not yet available, despite attacks now underway.
Google confirms CVE-2025-48633 and CVE-2025-48572 “may be under limited, targeted exploitation,” with attacks that can achieve “remote denial of service” on target smartphones “with no additional execution privileges needed.”
Samsung confirmed its own fixes within hours of Google’s warning. It also fixed three other vulnerabilities disclosed by Google’s Project Zero, which studies zero-days “in the hardware and software systems that are depended upon by users around the world.”
Just 24 hours after Google confirmed the Android attacks, the U.S. cyber defense agency issued its own warning, mandating federal staff update or stop using phones. “Android’s Framework,” CISA says on its known exploited vulnerability website, “contains an unspecified vulnerability that allows for privilege escalation.”
But as always when zero-day attacks are disclosed, Android’s disconnect is highlighted. “Samsung is the king of Android,” Android Authority pronounced over the weekend. “Its global market share among Android makers exceeds 30%. In other words, almost one in three people who buy an Android phone end up choosing Samsung.”
Samsung should come first — not Pixel, with its modest market share. But that won’t happen. Samsung bears responsibility for changing an update cycle that still runs a full month to deploy critical fixes to its user base. And it bears responsibility for the lack of seamless updates on all but the Galaxy S25 and one random, mid-range phone.
But in reality, Samsung (and the other Android OEMs) cannot compete with Google and its unique control over hardware and software. Its phones will always come first. First to new versions of the OS, first to new feature releases, first to security updates. That’s why One UI 7 and One UI 8. (Android 15 and 16) were so delayed, frustrating so many.
All Samsung Galaxy phones will get the update — assuming they’re on the monthly schedule. And some may get the updates even if they’re not. But it will deploy by model, region and carrier. Bit by bit. And in a world where Pixel is quick and Apple is quick, Samsung cannot afford to be slow. It seems inevitable that Android must change.
